Techniques
Sample rules
Suspicious AppX Package Installation Attempt
- source: sigma
- techniques:
Description
Detects an AppX package installation with the error code “0x80073cff”, which indicates that the package didn’t meet the signing requirements and could be suspicious.
Detection logic
condition: selection
selection:
  ErrorCode: '0x80073cff'
  EventID: 401